CVE-2018-7066

Severity: Unknown, EPSS: 3.48%

CVE-2018-7066 is a vulnerability of currently unknown severity. An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. EPSS estimates a 3.48% chance of exploitation in the next 30 days.

Description

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. The ClearPass OnConnect feature permits administrators to link other network devices into ClearPass for the purpose of collecting enhanced information about connected endpoints. A defect in the API could allow a remote attacker to execute arbitrary commands on one of the linked devices. This vulnerability is only applicable if credentials for devices have been supplied to ClearPass under Configuration -> Network -> Devices -> CLI Settings. Resolution: Fixed in 6.7.5 and 6.6.10-hotfix.

Metrics

EPSS Probability
3.48%

87.6th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Arubanetworks | Clearpass Policy Manager | < 6.6.10
Arubanetworks | Clearpass Policy Manager | >= 6.7.0, < 6.7.5

References

Timeline

Status: Modified

Frequently Asked Questions

How severe is CVE-2018-7066?
Severity scoring for CVE-2018-7066 is pending analysis. The EPSS model estimates a 3.48% probability of exploitation in the next 30 days.
How do I fix CVE-2018-7066?
Upgrade to a fixed release: per the description, the issue is fixed in 6.7.5 and 6.6.10-hotfix. Check the vendor references and advisories for patched versions and mitigation guidance.

Source: NVD / NIST